On Fri, 24 Mar 2000 [EMAIL PROTECTED] wrote:
> >On Thu, 23 Mar 2000 [EMAIL PROTECTED] wrote:
> >
> >> The trade off between performance and protection sufficiency is a well
> >> known issue in the world of data security. As suggested by Mr. Van der
> >> Kooij, it is possible to make files go through eSafe Gateway without
> being
> >> scanned for viruses, thus creating security holes. eSafe believes that
> >> relying on file extension in order to avoid threats and virus assaults
> is
> >> highly efficient. This is definitely not due to a "flawed design". We,
> at
> >> eSafe, believe that it is possible to achieve a high level of security
> and
> >> privacy, while relying on the files extensions. In order to gain good
> >> security, and, at the same time, good network performance, it is
> possible
> >> (and recommended) to avoid scanning of files that are predefined as
> "Safe"
> >> (or files that are not defined as "Dangerous"). It would often be
> redundant
> >> to scan each and every file which goes through the system.
> >
> >The fact that ESP does not allow a security officer to make a company
> >strategy but forces a strategy upon it's customers is dangerous and for
> >some clients unacceptable.
>
> You may have overlooked the paragraph prior to that one: It is possible to
> inspect each and every file on the system. eSafe Gateway allows any system
> administrator implement any company security policy. Again, we believe that
> cutting down the number of files which are defined as dangerous is an
> optimal balance, but a worried administrator can avoid that policy and
> suspect any file regardless of its extension.
The lab tests performed by my client and duplicated in my own lab have
proven that any file using the MIME header TEXT/HTML is passed without
verificationi regardless of the extension. We used all settings as
advocated by your Dutch office to stop and scan ALL files.
Using another vendor's CVP server I was able to verify the issue was not a
FireWall-1 problem but in fact that of the ESPG CVP server. Trend Micro
did find the virus in both TEXT/PLAIN and TEXT/HTML MIME types.
I suggest you try the case with HTTP resources on a FireWall-1 v4.0 SP4
installed on a Nokia IP-440 with IPSO v3.2.0 to duplicate the test before
claiming to be bugfree.
I also suggest you verify things with the Dutch office where I did report
the issue some time ago.
Hugo.
--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
[EMAIL PROTECTED] http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Use of any of my email addresses for unsollicited (commercial)
email is a clear intrusion of my privacy and illegal!
